-
Apache OpenOffice has released version 4.1.16, addressing seven critical security vulnerabilities that enable unauthorized remote document loading and memory corruption attacks. These flaws represent a significant security risk to users of the popular open-source office suite. The most severe vulnerabilities involve unauthorized remote content loading without user prompts or warnings. Attackers can exploit these weaknesses to load […] The post Multiple Apache OpenOffice Vulnerabilities Leads to Memory Corruption and Unauthorized Content Loading appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed two critical security vulnerabilities in GitHub Copilot and Visual Studio that could allow attackers to bypass essential security features. Both vulnerabilities were released on November 11, 2025, and have been assigned an Important severity rating. Path Traversal Vulnerability in Visual Studio The first vulnerability, tracked as CVE-2025-62449, stems from improper limitations in pathname […] The post GitHub Copilot and Visual Studio Vulnerabilities Allow Attacker to Bypass Security Feature appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An advanced hacking group is actively exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems. These attacks, spotted in real-world operations, allow hackers to deploy custom webshells and gain deep access to corporate networks. The findings highlight how attackers are targeting key systems that manage user logins and network controls, putting businesses […] The post Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Tor Browser 15.0.1 is now available for download, bringing essential security patches and bug fixes to users across all platforms. The latest release includes critical security updates from Firefox 140.5.0esr, addressing multiple vulnerabilities that could impact browser security and user privacy. The update upgrades the Tor Browser to Firefox 140.5.0esr and includes critical security fixes […] The post Tor Browser 15.0.1 Released With Fix for Multiple Security Vulnerabilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials. The bug, discovered by Open Security during casual experimentation, highlights the risks of user-controlled URL handling in AI tools. SSRF vulnerabilities […] The post ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a significant vulnerability in Windows Remote Desktop Services (RDS) that could allow authorized attackers to escalate their privileges on affected systems. Tracked as CVE-2025-60703, the flaw stems from an untrusted pointer dereference, a classic memory safety issue that has plagued software for years, and carries an “Important” severity rating from the company. The […] The post Windows Remote Desktop Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In the fast-paced world of “vibecoding,” where developers use AI to build applications rapidly, a new open-source tool is stepping up to tackle security risks. SecureVibes, created by developer Anshuman Bhartiya, leverages Anthropic’s Claude AI through a multi-agent system to detect vulnerabilities in codebases automatically. Released in October 2025, this Python-based scanner aims to make […] The post SecureVibes – AI-backed Tool Uses Claude AI Agents to Scan for Vulnerabilities Across 11 Languages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released Chrome version 142.0.7444.162/.163 to address a high-severity security vulnerability in the V8 JavaScript engine. The stable channel update is now rolling out across Windows, Mac, and Linux platforms over the coming days and weeks. The security fix addresses CVE-2025-13042, classified as a “High” severity vulnerability involving an inappropriate implementation in V8, Chrome’s core […] The post Chrome Patches High-severity Implementation Vulnerability in V8 JavaScript engine appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has assigned CVE-2025-62215 to a new Windows Kernel elevation of privilege flaw that is being actively exploited in the wild. Published on November 11, 2025, the vulnerability is rated Important and tracked as an elevation of privilege issue in the kernel. Microsoft’s exploitability index lists “Exploitation Detected,” indicating real-world use despite the absence of […] The post Windows Kernel 0‑day Vulnerability Actively Exploited in the Wild to Escalate Privilege appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft rolled out its November 2025 Patch Tuesday security updates today, addressing 63 vulnerabilities across its product and service ecosystem. Among these, one zero-day flaw has already been exploited in the wild, underscoring the urgency for organizations and users to apply patches promptly to mitigate potential threats. The updates cover Windows, Office, Azure, Visual Studio, […] The post Microsoft November 2025 Patch Tuesday – 63 Vulnerabilities, Including 1 Zero-Day Fixed appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
